Security best practices

Open dibari opened this issue 10 years ago • 3 comments

Are there any security best practices you can recommend related to large email size or attachment size? For example, if someone wanted to spam your system with a barrage of emails that have 20MB+ attachment sizes, things would get slow.

dibari avatar Sep 04 '14 11:09 dibari

Right. There is a simplesmtp option to limit the size of the attachments but it is informative only, meaning that a malicious SMTP client could send the attachment anyway. So to be clear, there is currently no way to refuse emails with large attachment sizes. Being able to do so is something that I would like to integrate though.

Flolagale avatar Sep 04 '14 11:09 Flolagale

Mmm actually we might be able to check the size and refuse the message before receiving it, see https://github.com/andris9/simplesmtp/blob/master/examples/size.js#L18. Let me investigate a bit.

Flolagale avatar Sep 04 '14 12:09 Flolagale

So, what is the conclusion on this? It's impossible to refuse attachments that large? We could just cut off the SMTP connection, right?

bjlaur avatar Jun 04 '15 18:06 bjlaur
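
The two checks this thread discusses, as an added example that is not part of the original issue and is not mailin or simplesmtp code: refuse at `MAIL FROM` when the client's declared `SIZE` (RFC 1870) exceeds the limit, and count the bytes that actually arrive during `DATA`, because the declaration is only the client's claim. The 10 MiB limit, the function names and the sample commands are assumptions.

```javascript
// Added example: constructed limit and inputs; not simplesmtp or mailin code.
const MAX_MESSAGE_BYTES = 10 * 1024 * 1024; // assumed policy: 10 MiB

// Parse the optional SIZE=<n> parameter of "MAIL FROM:<addr> SIZE=n" (RFC 1870).
// Returns the declared size, or null when the client declared nothing.
function declaredSize(mailFromLine) {
  const m = /^MAIL FROM:\s*<[^>]*>(.*)$/i.exec(mailFromLine.trim());
  if (!m) return null;
  const p = /(?:^|\s)SIZE=(\d{1,15})(?=\s|$)/i.exec(m[1]);
  return p ? Number(p[1]) : null;
}

// Stage 1: answer MAIL FROM. The declared size is only the client's claim,
// so passing this check does not prove the message is small.
function checkMailFrom(mailFromLine, limit = MAX_MESSAGE_BYTES) {
  const size = declaredSize(mailFromLine);
  if (size !== null && size > limit) {
    return { ok: false, reply: '552 5.3.4 Message size exceeds fixed maximum message size' };
  }
  return { ok: true, reply: '250 2.1.0 OK' };
}

// Stage 2: count the bytes that actually arrive during DATA.
function createDataCounter(limit = MAX_MESSAGE_BYTES) {
  let received = 0;
  let exceeded = false;
  return {
    // Feed each chunk (string or Buffer). Returns false once the limit is
    // passed, so the caller can stop buffering: discard the rest and reply
    // 552, or close the socket.
    push(chunk) {
      received += Buffer.byteLength(chunk);
      if (received > limit) exceeded = true;
      return !exceeded;
    },
    finalReply() {
      return exceeded ? '552 5.3.4 Message too big' : '250 2.0.0 Message accepted';
    },
    get received() { return received; },
  };
}
```
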